You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Alexey Serbin (Jira)" <ji...@apache.org> on 2021/03/16 02:55:00 UTC

[jira] [Updated] (KUDU-2871) TLS 1.3 not supported by krpc

     [ https://issues.apache.org/jira/browse/KUDU-2871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexey Serbin updated KUDU-2871:
--------------------------------
    Status: In Review  (was: In Progress)

> TLS 1.3 not supported by krpc
> -----------------------------
>
>                 Key: KUDU-2871
>                 URL: https://issues.apache.org/jira/browse/KUDU-2871
>             Project: Kudu
>          Issue Type: Bug
>          Components: master, rpc, security, tserver
>    Affects Versions: 1.8.0, 1.9.0, 1.9.1
>            Reporter: Todd Lipcon
>            Assignee: Alexey Serbin
>            Priority: Major
>
> The TLS negotiation in our RPC protocol assumes a whole number of round trips between client and server. For TLS 1.3, the exchange has 1.5 round trips (the client is the last sender rather than the server) which breaks negotiation. Most tests thus fail with OpenSSL 1.1.1.
> We should temporarily disable TLS 1.3 and then fix RPC to support this.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)